Skip to main content

Table 7 Performance of Vulnerability Identification under Different Indirect Call Analysis

From: ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

Programs #Total-int-ops LAID(Definition-based) Type-based ELAID(LAID+Type)
   #IO2BO-sites Ratio Analysis time(s) #IO2BO-sites Ratio Analysis time(s) #IO2BO-sites Ratio Analysis time(s)
gocr 4583 23 0.5% 2.1 24 0.5% 4 24 0.5% 3
jasper 2482 84 3.4% 2.9 84 3.4% 5 84 3.4% 5
cpio 655 17 2.6% 1.1 19 2.9% < 1 19 2.9% < 1
libexif 597 19 3.18% < 1 19 3.18% < 1 19 3.18% < 1
jbig2dec 778 10 1.29% < 1 14 1.8% < 1 14 1.8% < 1
swftools 8253 233 2.7% 11.4 242 2.9% 13 242 2.9% 15
linux kernel 63739 313 0.5% 7202 325 0.5% 6682 325 0.5% 6567
Average - - 2% - - 2.2% - - 2.2% -